A new danger has been detected for Windows users. It turns out that user themes can be used to steal account data.
The vulnerability was detected by security specialist Jimmy Bayne. The loophole is in the Windows 10 theme settings and allows attackers to obtain user credentials by creating a special theme for a Pass-the-Hash attack (a type of replay attack).
Simply put, when users install customized themes from untested sources, they open a loophole on their computers for cybercriminals. When a file with such a theme is opened, the user is redirected to a special page and prompted to enter credentials.
The OS allows users to share themes with others through the settings interface. This creates a .deskthemepack file, which can be transferred, for example, by e-mail. Attackers can also create a .theme file that redirects the user to a site requiring authentication. Passwords that are not too complex are then cracked using special software.
As a precaution, the expert suggests blocking files with extensions like .theme, .themepack and .desktopthemepackfile. He noted that Microsoft had already been notified of the problem, but had not yet fixed it.
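The precaution above can be combined with a content check on .theme files, which are plain INI-style text. The following is an added example, not code from the researcher or from Microsoft: the function names, the block/review policy and both sample themes are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions named on this page (the sharing format plus the three to block).
BLOCKED_EXTENSIONS = {".theme", ".themepack", ".desktopthemepackfile", ".deskthemepack"}

# A value that starts with a UNC host or an http(s) URL points off the machine.
REMOTE = re.compile(r"^(?:\\\\[^\\]+\\|https?://)", re.IGNORECASE)

def remote_references(theme_text):
    """Return (section, key, value) for every setting that points at a remote host."""
    hits, section = [], ""
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or INI comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        value = value.strip().strip('"')
        if sep and REMOTE.match(value):
            hits.append((section, key.strip(), value))
    return hits

def triage(filename, content=""):
    """Assumed policy: 'allow' other files, 'block' theme packs and themes with
    remote references, 'review' themes whose paths are all local."""
    ext = PureWindowsPath(filename).suffix.lower()
    if ext not in BLOCKED_EXTENSIONS:
        return "allow"
    if ext == ".theme" and not remote_references(content):
        return "review"
    return "block"      # packs are archives and are not inspected here

# Constructed samples; the host name is a placeholder.
SAMPLE_LOCAL = r"""
[Theme]
DisplayName=Constructed local theme
[Control Panel\Desktop]
Wallpaper=%SystemRoot%\Web\Wallpaper\Windows\img0.jpg
"""
SAMPLE_REMOTE = r"""
[Theme]
DisplayName=Constructed remote theme
[Control Panel\Desktop]
Wallpaper=\\files.example.invalid\share\bg.jpg
"""

if __name__ == "__main__":
    for name, body in (("local.theme", SAMPLE_LOCAL), ("remote.theme", SAMPLE_REMOTE)):
        print(name, triage(name, body), remote_references(body))
```

A mail gateway or endpoint script could call `triage` on each attachment name and body; the "review" outcome is stricter or looser than the expert's blanket block depending on how it is handled.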